clarify TLS instructions

This commit is contained in:
Richard van der Hoff 2019-02-19 13:09:38 +00:00 committed by GitHub
parent 1c0eb8bbb2
commit 49b58f0a16
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -358,26 +358,25 @@ For information on using a reverse proxy, see
[docs/reverse_proxy.rst](docs/reverse_proxy.rst). [docs/reverse_proxy.rst](docs/reverse_proxy.rst).
To configure Synapse to expose an HTTPS port, you will need to edit To configure Synapse to expose an HTTPS port, you will need to edit
`homeserver.yaml`. `homeserver.yaml`, as follows:
First, under the `listeners` section, uncomment the configuration for the * First, under the `listeners` section, uncomment the configuration for the
TLS-enabled listener. (Remove the hash sign (`#`) and space at the start of TLS-enabled listener. (Remove the hash sign (`#`) at the start of
each line). The relevant lines are like this: each line). The relevant lines are like this:
``` ```
- port: 8448 - port: 8448
type: http type: http
tls: true tls: true
resources: resources:
- names: [client, federation] - names: [client, federation]
``` ```
* You will also need to uncomment the `tls_certificate_path` and
You will also need to uncomment the `tls_certificate_path` and `tls_private_key_path` lines under the `TLS` section. You can either
`tls_private_key_path` lines under the `TLS` section. You can either point point these settings at an existing certificate and key, or you can
these settings at an existing certificate and key, or you can enable Synapse's enable Synapse's built-in ACME (Let's Encrypt) support. Instructions
built-in ACME (Let's Encrypt) support. Instructions for having Synapse for having Synapse automatically provision and renew federation
automatically provision and renew federation certificates through ACME can be certificates through ACME can be found at [ACME.md](docs/ACME.md).
found at [ACME.md](docs/ACME.md).
## Registering a user ## Registering a user